Security experts criticize malware list

Just how useful is the Common Malware Enumeration (CME) initiative debuted by U.S.-CERT this autumn?

The system was created to sort out some of the confusion created by the different naming systems used by different security vendors, and to help system administrators deal with outbreaks more effectively. Some security experts have, however, voiced doubts as to how well CME is working in practice.

One complaint is that the system isn't providing much information on malware aside from listing the reference codes used by different security vendors. Such information was promised more than a year ago by the organizers of the CME plan -- U.S.-CERT, the U.S. Department of Homeland Security, and antivirus vendors such as Microsoft, Trend Micro, McAfee and Symantec.

The plan was outlined in an open letter, published by the SANS Institute, in which the organizations said U.S.-CERT would "assign a CME identifier... to each new, unique threat and to include additional incident response information when available".

The goal was "improving the malware information resources available to (antivirus) software users, first responders, and malware analysts -- anyone who depends on accurate, concise information about malware," the letter said.

The letter was in response to criticism voiced in an earlier open letter to the security industry by Chris Mosby, a system administrator, in which he strongly criticized antivirus vendors for adopting "an isolationist attitude" that made it difficult for administrators to deal with complex virus outbreaks. "As the customers that spend money for your products, we should not have to work so hard to figure out if your products are keeping us protected," Mosby wrote.

A year later, the most difficult part of the CME project - distinguishing similar pieces of malicious code from one another - appears to be working. But CME still only provides a basic list of names used by different vendors, without listing details or even including links.

This makes the project of limited use, even compared with similar, independent projects such as Secunia's virus information database, according to SANS Internet Storm Center handler Patrick Nolan.

"Links to technical analysis was a hoped-for outcome for the CME project, since vendors' technical analysis is the critical 'additional incident response information' needed by the people responding to malware outbreaks," Nolan wrote in a recent entry in the ISC diary. "A name by any other name is just a name."

Thomas Kristensen said the lack of links or additional information means CME is of limited use to the general public. "It can only be used by the vendors and others with a specific interest in viruses to more easily identify viruses in other vendors' databases," he said. "It probably does what it was intended to do, and more information would probably exceed the intended purpose."

Such criticisms are beside the point, according to Graham Cluley, senior technology consultant with Sophos Antivirus. "We mustn't criticize it for not being a 100 percent solution, it's a definite step in the right direction," he said. "The most important thing is that its making correlations between the different names."

He said the system would be sure to improve over time. "Linking to more information seems to be an obvious thing they could do," he said.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Matthew Broersma
Show Comments

Brand Post

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Maryellen Rose George

Brother PT-P750W

It’s useful for office tasks as well as pragmatic labelling of equipment and storage – just don’t get too excited and label everything in sight!

Cathy Giles

Brother MFC-L8900CDW

The Brother MFC-L8900CDW is an absolute stand out. I struggle to fault it.

Luke Hill


I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it.

Emily Tyson

MSI GE63 Raider

If you’re looking to invest in your next work horse laptop for work or home use, you can’t go wrong with the MSI GE63.

Laura Johnston

MSI GS65 Stealth Thin

If you can afford the price tag, it is well worth the money. It out performs any other laptop I have tried for gaming, and the transportable design and incredible display also make it ideal for work.

Andrew Teoh

Brother MFC-L9570CDW Multifunction Printer

Touch screen visibility and operation was great and easy to navigate. Each menu and sub-menu was in an understandable order and category

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?